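<?php
    // Session and anti-clickjacking header must go out before any byte of output.
    session_start();
    header('X-Frame-Options: DENY');
    require 'anti_csrf.php';

    // The item id is the only request input this page reads. It is later bound as a
    // prepared-statement parameter and echoed into HTML, so restrict it to plain
    // decimal digits. `\z` rather than `$`: `$` also matches before a trailing "\n",
    // so "12\n" would have passed. The is_string() guard rejects `itemid[]=1`
    // (an array subject makes preg_match fail instead of validating).
    $item_id = isset($_GET['itemid']) ? $_GET['itemid'] : '';
    if (!is_string($item_id) || !preg_match('/^\d+\z/', $item_id)) {
        die('Invalid item_id');
    }
?>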

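<html lang="en">
<head>
    <title>TechBay | Manage Shop</title>
    <link href="../css/techbey.css" rel="stylesheet" type="text/css">
    <!-- Loaded over HTTPS: a plaintext http:// script include lets an on-path attacker
         inject arbitrary JS into every page (and is blocked as mixed content when the
         page itself is served over HTTPS). NOTE(review): jQuery 1.4.0 is long end-of-life
         and pre-dates the published XSS fixes in jQuery's HTML-manipulation APIs; upgrade
         it and pin the file with an `integrity` attribute once the new hash is known. -->
    <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.0/jquery.min.js"></script>
    <script type="text/javascript" src="js/btns.js"></script>
</head>
<body>
    <!-- JS frame-buster backing the X-Frame-Options: DENY header sent by the PHP preamble. -->
    <script>if (top != self) { top.location = self.location; }</script>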
    <div id="headerBar">
        <div class="container">
            <div class="left">
                <a href="/"><h1 title="logo" id="Logo">T<span id="ech">ech</span>BAY</h1></a>
            </div>
        </div>
    </div>
    <div  id="wrapper">
        <div class="left" id="left_navigation">
        </div>
        <div id="main">
            <div class="container">
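                <?php
                    // The update/delete buttons are rendered with class="hidden" unless the
                    // logged-in user owns the shop the item belongs to. This is a UI
                    // affordance only: a visitor can un-hide the buttons or POST directly,
                    // so updateitem.php / deleteitem.php must repeat the ownership check
                    // server-side (not visible from this file -- confirm).
                    // No trailing space here; the echo below supplies the separator so the
                    // owner view no longer emits the malformed `type='submit'value=...`.
                    $owner_option = ' class="hidden"';
                    include("conn.php");
                    if (isset($_SESSION['username'])) {
                        // NOTE(review): named prepared statements live for the connection;
                        // if conn.php uses pg_pconnect, a second request on the same backend
                        // would fail to re-prepare 'check_owner' -- confirm.
                        $query = "SELECT shops.shop_owner FROM shops INNER JOIN items ON items.item_shop=shops.shop_name WHERE items.item_id=$1";
                        pg_prepare($con, 'check_owner', $query) or die('Could not prepare statement');
                        $rs = pg_execute($con, 'check_owner', array($item_id)) or die("Fail to identify item owner");
                        $owner_row = pg_fetch_assoc($rs);

                        // Strict string comparison: the loose `==` treated "" == null (no row
                        // found) as a match and compared numeric-looking names numerically.
                        if ($owner_row !== false
                            && isset($owner_row['shop_owner'])
                            && (string) $_SESSION['username'] === (string) $owner_row['shop_owner']) {
                            $owner_option = '';
                        }
                    }

                    // Load the item; $item_id was validated as digits-only in the preamble.
                    $query = "SELECT * FROM items WHERE item_id=$1";
                    pg_prepare($con, 'item_detail', $query) or die('Could not prepare statement');
                    $rs = pg_execute($con, 'item_detail', array($item_id)) or die("Could not make query");
                    $row = pg_fetch_assoc($rs) or die("Could not fetch rows");
                    $file_path = $row['item_path'];

                    // Stored price looks like "$1,234.56"; the edit field shows the text after
                    // the first '$' (up to any second '$') with thousands separators stripped.
                    // A price without '$' yields '' instead of an undefined-index notice.
                    $split_price = explode('$', $row['item_price']);
                    $price = isset($split_price[1]) ? str_replace(',', '', $split_price[1]) : '';

                    // Pre-select the stored category in the <select>.
                    $categories = array('Home', 'Electronics', 'Clothing', 'Shoes');
                    $option_array = array();
                    foreach ($categories as $category) {
                        $option_array[] = ($row['item_category'] == $category) ? "selected=selected" : "";
                    }

                    // Every DB-sourced value is escaped for an HTML attribute context before
                    // it is interpolated. Item name/desc/path/stock/category are writable by
                    // shop owners, so rendering them raw was a stored-XSS sink for every
                    // visitor of this page. ENT_QUOTES covers the single-quoted attributes.
                    $path_attr     = htmlspecialchars((string) $file_path, ENT_QUOTES, 'UTF-8');
                    $name_attr     = htmlspecialchars((string) $row['item_name'], ENT_QUOTES, 'UTF-8');
                    $category_attr = htmlspecialchars((string) $row['item_category'], ENT_QUOTES, 'UTF-8');
                    $desc_attr     = htmlspecialchars((string) $row['item_desc'], ENT_QUOTES, 'UTF-8');
                    $price_attr    = htmlspecialchars((string) $price, ENT_QUOTES, 'UTF-8');
                    $stock_attr    = htmlspecialchars((string) $row['item_stock'], ENT_QUOTES, 'UTF-8');
                    $item_id_attr  = htmlspecialchars((string) $item_id, ENT_QUOTES, 'UTF-8');

                    echo "<div id='img_container'><img class='item_image' src='../img/" . $path_attr . "'></div>";
                    echo "<table class='updateForm'><form method='post' action='updateitem.php'>";
                    // One CSRF token per form. mt_rand only picks the field *name*; the
                    // secret itself comes from csrfguard_generate_token() in anti_csrf.php.
                    $CSRF_update_name  = "CSRFGuard_" . mt_rand(0, mt_getrandmax());
                    $CSRF_update_token = csrfguard_generate_token($CSRF_update_name);
                    echo "<input type='hidden' name='CSRFName' value='" . htmlspecialchars($CSRF_update_name, ENT_QUOTES, 'UTF-8') . "' /><input type='hidden' name='CSRFToken' value='" . htmlspecialchars((string) $CSRF_update_token, ENT_QUOTES, 'UTF-8') . "' />";

                    echo "<tr><td><a class='textInUpdateForm'>Item Name</a></td><td><input type='text' name='updateItem_name' value='" . $name_attr . "'></td></tr>
                                <tr><td><a class='textInUpdateForm'>Item Category</a></td><td><select id='updateItem_category' name='updateItem_category' value='" . $category_attr . "'><option " . $option_array[0] . ">Home</option><option " . $option_array[1] . ">Electronics</option><option " . $option_array[2] . ">Clothing</option><option " . $option_array[3] . ">Shoes</option></select></td></tr>
                                <tr><td><a class='textInUpdateForm'>Item Desc</a></td><td><input type='text' name='updateItem_desc' value='" . $desc_attr . "'></td></tr>
                                <tr><td><a class='textInUpdateForm'>Item Price</a></td><td><input type='text' name='updateItem_price' value='" . $price_attr . "'></td></tr>
                                <tr><td><a class='textInUpdateForm'>Item Stock</a></td><td><input type='text' name='updateItem_stock' value='" . $stock_attr . "'></td></tr>
                                <tr><td></td><td><input class='hidden' name='updateItem_id' value='" . $item_id_attr . "'></td></tr>
                                <tr><td></td><td><input type='submit'" . $owner_option . " value='Update Item'></td></tr></form>
                                <form class='deleteForm' method='post' action='deleteitem.php'>";

                    $CSRF_delete_name  = "CSRFGuard_" . mt_rand(0, mt_getrandmax());
                    $CSRF_delete_token = csrfguard_generate_token($CSRF_delete_name);
                    echo "<input type='hidden' name='CSRFName' value='" . htmlspecialchars($CSRF_delete_name, ENT_QUOTES, 'UTF-8') . "' /><input type='hidden' name='CSRFToken' value='" . htmlspecialchars((string) $CSRF_delete_token, ENT_QUOTES, 'UTF-8') . "' />";
                    echo "<tr><td><input class='hidden' name='deleteItem_id' value='" . $item_id_attr . "'></td><td><input type='submit'" . $owner_option . " value='Delete Item'></td></tr></form>
                            </table>";
                ?>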
            </div>
        </div>
        <div class="right" id="right_navigation">
            
        </div>
    </div>
    <div id="footerBar">
        <div class="container">
            <p class="textInFooter">Jie Dong & Fang Yang 2012</p>
        </div>  
    </div>
</body>
</html>
